Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Received call offering help re virus...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Received call offering help re virus...

Unread postby maxi » February 15th, 2012, 11:59 am

Hi johnnybgoode,
Step 1
Please remove the following programs:
mediabar
youtubedownloader


Step 2
Back-Up Registry
We need to backup your registry:
Please go to Start > Run
Paste in the following line:
Code: Select all
regedit /e c:\registrybackup.reg

Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Step 3
Run OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :otl
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-1390974874-3619135010-1431660144-1001\..\URLSearchHook: *{00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
    O3 - HKU\S-1-5-21-1390974874-3619135010-1431660144-1000\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
    O3 - HKU\S-1-5-21-1390974874-3619135010-1431660144-1001\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKU\S-1-5-21-1390974874-3619135010-1431660144-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-1390974874-3619135010-1431660144-1001\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    O3 - HKU\S-1-5-21-1390974874-3619135010-1431660144-1001\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.
    O3 - HKU\S-1-5-21-1390974874-3619135010-1431660144-1001\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab (Reg Error: Key error.)
    [2012/02/04 21:00:08 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Hinsull\AppData\Local\{5357C666-1CE9-4D39-A4F4-AFD02224B418}
    [2012/02/04 20:59:54 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Hinsull\AppData\Local\{31D7F1A8-4262-410B-9C42-013B49FDAC5D}
    @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0813959E
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
         
    :files
    C:\Users\Jonathan Hinsull\Downloads\SEARCHSETTINGS.EXE
    C:\Users\Jonathan Hinsull\Downloads\YouTubeDownloaderSetup34.exe
    C:\Users\Jonathan Hinsull\Downloads\winamp5601_full_emusic-7plus_en-us.exe
       
    :commands
       
    [emptytemp]
    [createrestorepoint]
    

  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

In your next reply please include:
The OTL logfile.
A fresh DDS log.
How your computer is running.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.
Advertisement
Register to Remove

Re: Received call offering help re virus...

Unread postby johnnybgoode » February 15th, 2012, 8:26 pm

Hi, I deleted the programs and backed up the registry.

However, the OTL file crashed and I had to restart my PC. Should I try again?
johnnybgoode
Active Member
 
Posts: 12
Joined: January 31st, 2012, 4:08 pm

Re: Received call offering help re virus...

Unread postby maxi » February 16th, 2012, 7:23 am

Hi johnnybgoode,

Could you expand on what happened when OTL crashed ? What error did you see ? How far did the program run for before it crashed ?

There is a chance it did what it was supposed to do, So you can check the location below to see if it created a logfile.
"C:\_OTL\Moved Files" followed by the date and time the scan was run.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Received call offering help re virus...

Unread postby johnnybgoode » February 16th, 2012, 8:12 am

Hi Maxi,

A pop-up box appeared saying that it had stopped working. My my windows icons disappeared too, so I had to switch my pc off and back on again. There is a folder dated 2/16, but there are no files in the folder; just another folder (C_Users) and sub folders.
johnnybgoode
Active Member
 
Posts: 12
Joined: January 31st, 2012, 4:08 pm

Re: Received call offering help re virus...

Unread postby maxi » February 19th, 2012, 6:42 am

Hi johnnybgoode,

Sorry for the delay. We will try this fix again :)

Please make sure that AVG's realtime scanner is disabled before you run the fix.

Run OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :otl
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    O3 - HKU\S-1-5-21-1390974874-3619135010-1431660144-1000\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
    O3 - HKU\S-1-5-21-1390974874-3619135010-1431660144-1001\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKU\S-1-5-21-1390974874-3619135010-1431660144-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-1390974874-3619135010-1431660144-1001\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    O3 - HKU\S-1-5-21-1390974874-3619135010-1431660144-1001\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.
    O3 - HKU\S-1-5-21-1390974874-3619135010-1431660144-1001\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab (Reg Error: Key error.)
    [2012/02/04 21:00:08 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Hinsull\AppData\Local\{5357C666-1CE9-4D39-A4F4-AFD02224B418}
    [2012/02/04 20:59:54 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Hinsull\AppData\Local\{31D7F1A8-4262-410B-9C42-013B49FDAC5D}
    @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0813959E
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
         
    :files
    C:\Users\Jonathan Hinsull\Downloads\SEARCHSETTINGS.EXE
    C:\Users\Jonathan Hinsull\Downloads\YouTubeDownloaderSetup34.exe
    C:\Users\Jonathan Hinsull\Downloads\winamp5601_full_emusic-7plus_en-us.exe
       
    :commands
       
    [emptytemp]
    [createrestorepoint]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

In your next reply Please include:
The OTL logfile.
How your computer is behaving now.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Received call offering help re virus...

Unread postby johnnybgoode » February 19th, 2012, 7:54 pm

Thank you for your help. I decided to bite the bullet and upgrade from Vista to Windows 7. This required me to reformat my hard disk and I'm hoping this will have removed any malware.
johnnybgoode
Active Member
 
Posts: 12
Joined: January 31st, 2012, 4:08 pm

Re: Received call offering help re virus...

Unread postby maxi » February 21st, 2012, 2:27 pm

Your very welcome. Its not a bad idea to upgrade :) If you need any help with anything don't hesitate to come back to the forums :)

Regards maxi.
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Received call offering help re virus...

Unread postby johnnybgoode » February 21st, 2012, 5:39 pm

Thank you - very much appreciate your time and effort.
johnnybgoode
Active Member
 
Posts: 12
Joined: January 31st, 2012, 4:08 pm

Re: Received call offering help re virus...

Unread postby Jack&Jill » February 21st, 2012, 7:48 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 304 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware